Wednesday, May 1, 2013

Getting replicated Ehcache and iptables to play nice

Struggled with this a bit and thought others might find this useful. If you're using RMI Replicated caching with Ehcache, you need to put a little thought into port security/strategy. The sample ehcache.xml includes:

Using this config means you're going to have to poke holes in iptables for ports 40001 and 40002. All that is pretty simple; the gotcha is automatic peer discovery, which needs multicast to work. The docs call this out, but it took me a while to realize I had to specifically allow multicast in iptables, as it is likely prohibited by default in most environments.

IBM has a nice post about how to do this. So in this example (replicated Ehcache with automatic peer discovery), you'll need this in iptables on each host you expect to participate:
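An added example, not the rules from the original post or the IBM article: a script that prints narrowly scoped iptables commands for this setup and refuses values that cannot work. Ports 40001 and 40002 come from the post; the peer subnet 10.0.0.0/24, multicast group 230.0.0.1 and UDP port 4446 are assumed sample values and must match your network and the multicast settings in your ehcache.xml.

```shell
#!/bin/sh
# Added example (not from the original post): print iptables commands for
# RMI-replicated Ehcache with automatic (multicast) peer discovery.
# 40001/40002 are the ports named in the post; the peer subnet, multicast
# group and multicast port used as defaults are assumed sample values.

is_port() {   # true for an integer in 1..65535
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_mcast() {  # true when the first octet is 224..239 (224.0.0.0/4)
  case "$1" in *.*.*.*) ;; *) return 1 ;; esac
  o=${1%%.*}
  case "$o" in ''|*[!0-9]*) return 1 ;; esac
  [ "$o" -ge 224 ] && [ "$o" -le 239 ]
}

# ehcache_rules PEER_NET RMI_PORTS(comma list) MCAST_GROUP MCAST_PORT
ehcache_rules() {
  peers=$1 ports=$2 group=$3 mport=$4
  [ -n "$ports" ] || { echo "no RMI ports given" >&2; return 1; }
  for p in $(printf '%s' "$ports" | tr ',' ' '); do
    is_port "$p" || { echo "bad RMI port: $p" >&2; return 1; }
  done
  is_port "$mport" || { echo "bad multicast port: $mport" >&2; return 1; }
  is_mcast "$group" || { echo "not a multicast address: $group" >&2; return 1; }
  # -I places each rule ahead of any catch-all REJECT/DROP at the end of INPUT.
  # RMI listener port and remote object port: new connections from peers only.
  echo "iptables -I INPUT -s $peers -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
  # Peer-discovery heartbeats: only this group and port, only from the peer subnet.
  echo "iptables -I INPUT -s $peers -d $group -p udp --dport $mport -j ACCEPT"
  # IGMP membership queries, so the host can keep its group membership alive.
  echo "iptables -I INPUT -s $peers -p igmp -j ACCEPT"
}

ehcache_rules "${PEER_NET:-10.0.0.0/24}" "${RMI_PORTS:-40001,40002}" \
              "${MCAST_GROUP:-230.0.0.1}" "${MCAST_PORT:-4446}"
```

Review the printed commands, then run them as root on each host that participates in the cache cluster.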